From 4c1639535b14b2dcdd3cbd09499243a17369c96d Mon Sep 17 00:00:00 2001
From: David Tomaschik
Date: Thu, 8 Oct 2015 16:08:40 -0700
Subject: [PATCH] Have a notion of fully trusted vs partially trusted keys.

---
 install.sh | 12 +++++++++++-
 keys/ssh/id_rsa_glaptop.pub | 1 +
 keys/ssh/trusted/id_ecdsa_human.pub | 1 +
 keys/ssh/trusted/id_rsa_human.pub | 1 +
 4 files changed, 14 insertions(+), 1 deletion(-)
 create mode 100644 keys/ssh/id_rsa_glaptop.pub
 create mode 120000 keys/ssh/trusted/id_ecdsa_human.pub
 create mode 120000 keys/ssh/trusted/id_rsa_human.pub

diff --git a/install.sh b/install.sh
index f311a36..8a85cd3 100755
--- a/install.sh
+++ b/install.sh
@@ -6,6 +6,7 @@ set errexit
 BASEDIR=${BASEDIR:-$HOME/.skel}
 MINIMAL=${MINIMAL:-0}
 INSTALL_KEYS=${INSTALL_KEYS:-1}
+TRUST_ALL_KEYS=${TRUST_ALL_KEYS:-0}
 INSTALL_PKGS=${INSTALL_PKGS:-$((1 - ${MINIMAL}))}
 
 if [[ ! -d $BASEDIR ]] ; then
@@ -110,7 +111,16 @@ function install_ssh_keys {
 echo 'Installing SSH keys...' >&2
 local AK="${HOME}/.ssh/authorized_keys"
 local key
- for key in ${BASEDIR}/keys/ssh/* ; do
+ local keydir
+ if (( ${TRUST_ALL_KEYS} )) ; then
+ keydir=${BASEDIR}/keys/ssh
+ else
+ keydir=${BASEDIR}/keys/ssh/trusted
+ fi
+ for key in ${keydir}/* ; do
+ if [[ ! -f ${key} ]] ; then
+ continue
+ fi
 if ssh_key_already_installed "${key}" ; then
 echo "Key `basename ${key}` already installed..." >&2
 continue
diff --git a/keys/ssh/id_rsa_glaptop.pub b/keys/ssh/id_rsa_glaptop.pub
new file mode 100644
index 0000000..af9b7d0
--- /dev/null
+++ b/keys/ssh/id_rsa_glaptop.pub
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC8vQiJn9J2KjNIwX427Zq0gpvD1XdR0j+3gY1DTG1yGU808a001YCw0UTQzaSfRZ0ixWyOiFiZ0UcyZnJlN/dQeIKvxWeIW6T3kjpkjzLiBJbloHT0CvqJoz/VAPuBKH9sVKabZlmufqM3B43XDCDS8UGcxUmHxSFSh4hsqurP+ywI8QsoLz1epiFeUQCqsLG5LZIpthAYDOXtxp6cVoKgosi+zJm7sHG/pIof//WMW1xFCArEQfiWXa3Mv3Ir+geKej3lmWPMZNyGpGVtH9w0VHmzPX6OY02CelUoqe/yQDqZ0SjVKm0WZOHStAep0sxVR7/zHvS36Wk0eSptuenR davidtomaschik@glaptop
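Review bot: `TRUST_ALL_KEYS` is introduced without a comment saying what each value selects, even though it decides which public keys are considered for `authorized_keys`. A one-line comment above it would cover this, e.g. `# 0 (default): install only keys/ssh/trusted; 1: install every key under keys/ssh`. The hunk header also shows `set errexit`, which in bash assigns a positional parameter rather than enabling the option (`set -o errexit` does). If that line is as shown, a failure during key installation would not stop the script.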
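Review bot: The trust decision in `if (( ${TRUST_ALL_KEYS} )) ; then` evaluates an environment-supplied string as an arithmetic expression, so any value that evaluates non-zero, not only `1`, selects the wider `keys/ssh` directory. Because this switch controls which keys are candidates for `authorized_keys`, a strict comparison that falls back to the trusted set on any unexpected value is safer: `if [[ ${TRUST_ALL_KEYS} == 1 ]] ; then`. The glob in `for key in ${keydir}/* ; do` is also unquoted, so a `BASEDIR` containing whitespace is split into several words; `for key in "${keydir}"/* ; do` avoids that. The body of install_ssh_keys starts before and continues after this hunk, so how each key is appended is not visible here.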
diff --git a/keys/ssh/trusted/id_ecdsa_human.pub b/keys/ssh/trusted/id_ecdsa_human.pub
new file mode 120000
index 0000000..96efa95
--- /dev/null
+++ b/keys/ssh/trusted/id_ecdsa_human.pub
@@ -0,0 +1 @@
+../id_ecdsa_human.pub
\ No newline at end of file
diff --git a/keys/ssh/trusted/id_rsa_human.pub b/keys/ssh/trusted/id_rsa_human.pub
new file mode 120000
index 0000000..c535aae
--- /dev/null
+++ b/keys/ssh/trusted/id_rsa_human.pub
@@ -0,0 +1 @@
+../id_rsa_human.pub
\ No newline at end of file
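Review bot: Trust membership is expressed as a symlink (mode 120000) to `../id_ecdsa_human.pub`, and likewise for `id_rsa_human.pub`, so the installed key is whatever the link resolves to at install time. The loop added in install.sh tests `[[ ! -f ${key} ]]`, which follows links, so a dangling or renamed target is skipped silently and a trusted key can go missing from `authorized_keys` without any message. Printing a line on skip, e.g. `echo "Skipping ${key}: not a regular file" >&2`, would make that visible. On a checkout with symlinks disabled, these entries presumably become small text files that pass the `-f` test, which is worth documenting next to the `trusted/` directory.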